DomainKeys/DKIM Troubleshooting


Journal Level

By default, DomainKeys/DKIM only writes the error information to journal, you can go to "DKIM Plug Manager" -> Journal to check the log file(s). If you want to check the full information, you can change the log level to "Full Debug Log", it will record everything of EA DomainKeys. Please be reminded to change the log level back to "Only Error Log" after troubleshooting, otherwise the log file size will be large.


No DKIM/DomainKeys Signature Error

If your email doesn't have DKIM/DomainKeys signature after you set the DKIM/DomainKeys, you should check the followings:


Installation Permission

When you install EA DomainKeys on IIS SMTP service, please make sure you are using "Administrator" user to run the installer. If you install EA DomainKeys on Exchange Server, please make sure you are using "Domain Administrator" user to run the installer.


Verify IIS SMTP/Exchange 2000/2003 Installation

If you installed EA DomainKeys on IIS SMTP Service or Exchange 2000/2003, please open DOS prompt, and change directory to EA DomainKeys installation path\installer.

Input:
cscript smtpregex.vbs /enum

Press enter.
Please check if there is "EA DomainKeys Sink" installed in the output.

iis smtp sink

If there is no EA DomainKeys Sink, you can re-run the installer (do not uninstall) to fix this problem. You can also contact support@emailarchitect.net for assistance.


Verify Exchange 2007/2010/2013/2016/2019 Installation

If you installed EA DomainKeys on Exchange 2007/2010/2013/2016/2019, please open Exchange Management Shell.

Input:
get-transportagent
press enter.
Please check if there is "EA DomainKeys Agent" installed in the output.

exchange transport agent

If there is no EA DomainKeys Agent, you can re-run the installer directly (do not uninstall) to fix this problem. You can also contact support@emailarchitect.net for assistance.


Wrong Body Hash

It is likely that the MTA changed email content (disclaimer software or anti-virus software). Please go to DKIM setting, check "Sign a part of message" and set "Maximum length of message body to sign" to zero, then try it again.


Failed to Verify DKIM/DomainKeys Signature

If your email has DKIM/DomainKey signature, but it couldn't be verified by our online tool, you should go to DKIM/DomainKeys setting and test your public key again to make sure your public key is ok. If your public key is ok, please contact support@emailarchitect.net for assistance.


>> Using Selector
>> Using Sender Rule

See Also

Setup DomainKeys/DKIM
Deploy Public Key in DNS server
Using Selector
Using Sender Rule
Appendix - Set up SPF record in DNS server
Appendix - Set up DMARC record
Appendix - DKIM/SPF/DMARC Inbound Authentication in Exchange Server
Appendix - Use DkimPowerShell Module in PowerShell

Online

DKIM in IIS SMTP Service - Tutorial
DKIM in Exchange Server 2003 - Tutorial
DKIM in Exchange Server 2007/2010/2013/2016/2019 - Tutorial

DKIM/SPF/DMARC Inbound Authentication in Exchange Server
Bulk Email Sender Guidelines